Samuel Dubrul has posted an interesting powershell script to have a SCOM daily alert report. His script summarizes:
- Total number of alerts that occurred yesterday
This can indicate if there are a lot of monitors that are flip flopping
- The number of active alerts (total, critical, warning, informational)
This should always be as low as possible
- A sorted list of the “yesterday” alerts based on number of occurences and Name
These are the alerts on which you should start to work pro-actively , especially if the count is high.
- A sorted list of the current critical alerts, perhaps the most urgent ones to work on
I've modified the script to be able to use it a a function ( see my post on Powershell Profile) you can add to your profile and added some functionnalities. In parameter you can define what number of day before today you want the report to start and also specify a duration...
A new sorted list has beed added : a Top 10 of alerts sorted by repeatcount
Here is the new script : To be SCOM 2012 compliant, just replace get-alert by get-scomalert
- Function AlertReport ([int] $DayBack,[int] $Duration) {
- If ($DayBack -eq ""){$DayBack = 1}
- If ($Duration -eq ""){$Duration = $DayBack}
- #Get between dates Yesterday
- $AlertDateBegin = [DateTime]::Today.AddDays(-$DayBack)
- $SecondsToAdd = $Duration * 86399
- $AlertDateEnd = [DateTime]::Today.AddDays(-$DayBack).AddSeconds($SecondsToAdd)
- write-host "***********************************************************************" -foregroundcolor "Green"
- write-host "ALERT REPORT:" -foregroundcolor "Green"
- write-host "" -foregroundcolor "Green"
- write-host "START DATE: $AlertDateBegin - END DATE: $AlertDateEnd" -foregroundcolor "Green"
- write-host "***********************************************************************" -foregroundcolor "Green"
- #Get yesterday alerts
- $LastdayAlerts = @(get-alert | where {$_.TimeRaised -gt $AlertDateBegin -and $_.TimeRaised -lt $AlertDateEnd})
- #write the output
- write-host
- write-host NUMBER OF ACTIVE ALERTS : ($LastdayAlerts).Count
- write-host
- write-host CURRENT NUMBER OF ACTIVE ALL ALERTS: @(get-alert | where {$_.ResolutionState -ne '255'}).count
- write-host CURRENT NUMBER OF ACTIVE CRITICAL ALERTS: @(get-alert | where {$_.ResolutionState -ne '255' -and $_.Severity -eq '2'}).count -foregroundcolor "red"
- write-host CURRENT NUMBER OF ACTIVE WARNING ALERTS: @(get-alert | where {$_.ResolutionState -ne '255' -and $_.Severity -eq '1'}).count -foregroundcolor "yellow"
- write-host CURRENT NUMBER OF ACTIVE INFORMATIONAL ALERTS: @(get-alert | where {$_.ResolutionState -ne '255' -and $_.Severity -eq '0'}).count
- write-host
- write-host
- write-host TOPLIST OF ALERTS SORTED BY COUNT:
- #list and sort yesterday alerts
- $LastdayAlerts | Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table –auto -wrap
- write-host
- write-host "TOP 10 LIST OF ALERTS SORTED BY REAPEATCOUNT WITH MONITORING OBJECT PATH"
- #list top noisiest alerts
- $LastdayAlerts | Sort -desc RepeatCount | select-object -first 10 Name, RepeatCount, MonitoringObjectPath |Format-Table –auto | Out-String -Width 4096
- #list and sort current active alerts
- write-host CURRENT ACTIVE CRITICAL ALERT LIST: -foregroundcolor "red"
- (get-alert | where {$_.ResolutionState -ne '255' -and $_.Severity -eq '2'} | Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table –auto -wrap)
- }
- First one, just execute the AlertReport with no parameter : this will give you a summary for the last past day.
- Execute AlertReport with one [int] parameter: this will generate a report for the [Int] last past days
- Execute AlertReport with 2 [int] parameters (for example AlertReport 3 2) : this will generate a report that start 3 days before today for a duration equals to 2 days.
Hope these modification will help some of you ! :)
Don't forget to use the reporting instead of using powershell script... you'll free one SDK connection !
This posting is provided "AS IS" with no warranties.
No comments:
Post a Comment